Slackware Local Security Checks : Slackware: Security Advisory (SSA:2009-128-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63965

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2009-128-01)

Resumen: The remote host is missing an update for the 'gnutls' package(s) announced via the SSA:2009-128-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gnutls' package(s) announced via the SSA:2009-128-01 advisory.

Vulnerability Insight:
New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current
to fix security issues.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

[links moved to references]

Here are the details from the Slackware 12.2 ChangeLog:
+--------------------------+
patches/packages/gnutls-2.6.2-i486-2_slack12.2.tgz
Patched the following security issues:
- Corrected double free on signature verification failure.
Reported by Miroslav Kratochvil .
- Noticed when investigating the previous GNUTLS-SA-2009-1 problem.
All DSA keys generated using GnuTLS 2.6.x are corrupt.
For more information, see:
[links moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'gnutls' package(s) on Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1415
BugTraq ID: 34783
http://www.securityfocus.com/bid/34783
http://security.gentoo.org/glsa/glsa-200905-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:116
http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://www.securitytracker.com/id?1022157
http://secunia.com/advisories/34842
http://secunia.com/advisories/35211
http://www.vupen.com/english/advisories/2009/1218
XForce ISS Database: gnutls-dsa-code-execution(50257)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50257
XForce ISS Database: gnutls-dsa-dos(50260)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50260
XForce ISS Database: gnutls-libgnutls-dos(50445)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50445
Common Vulnerability Exposure (CVE) ID: CVE-2009-1416
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html
http://www.securitytracker.com/id?1022158

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63965
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2009-128-01)
Resumen:	The remote host is missing an update for the 'gnutls' package(s) announced via the SSA:2009-128-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnutls' package(s) announced via the SSA:2009-128-01 advisory. Vulnerability Insight: New gnutls packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: [links moved to references] Here are the details from the Slackware 12.2 ChangeLog: +--------------------------+ patches/packages/gnutls-2.6.2-i486-2_slack12.2.tgz Patched the following security issues: - Corrected double free on signature verification failure. Reported by Miroslav Kratochvil . - Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'gnutls' package(s) on Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1415 BugTraq ID: 34783 http://www.securityfocus.com/bid/34783 http://security.gentoo.org/glsa/glsa-200905-04.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:116 http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515 http://www.securitytracker.com/id?1022157 http://secunia.com/advisories/34842 http://secunia.com/advisories/35211 http://www.vupen.com/english/advisories/2009/1218 XForce ISS Database: gnutls-dsa-code-execution(50257) https://exchange.xforce.ibmcloud.com/vulnerabilities/50257 XForce ISS Database: gnutls-dsa-dos(50260) https://exchange.xforce.ibmcloud.com/vulnerabilities/50260 XForce ISS Database: gnutls-libgnutls-dos(50445) https://exchange.xforce.ibmcloud.com/vulnerabilities/50445 Common Vulnerability Exposure (CVE) ID: CVE-2009-1416 http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516 http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00018.html http://www.securitytracker.com/id?1022158
Copyright	Copyright (C) 2012 Greenbone AG